Privacy Policy

As guardians of your data, privacy and security is at the forefront of everything we do. We have taken steps to ensure your data remains private and secure and that we are fully compliant with the General Data Protection Regulation (GDPR).

 

Your Data & What We Do

 

We do not hold any personal information beyond that which is necessary for billing, through a third-party service GoCardless.com. Unless agreed separately in writing, your subscription will be managed via a Direct Debit service with your information being used to process payments. Any information is only kept for the duration of your subscription and is removed from our system upon termination.

 

All other information held within the OnGo Work Desk system remains your property and is securely held within our cloud services (see Our Servers / Infrastructure below). Processing is carried out on all data as part of the normal operation of the OnGo Work Desk system. This can include, but not limited to, generating automated alerts based on the results of submitted data, generating and processing "job" related information as per user allocations and performing automated analytics for dashboard and static reporting. We also maintain several services which monitor our systems for errors and flaws to flag up to us areas in need of attention.

 

Upon termination of contract we offer a 30-day period to retrieve any and all data from our systems. Any data on our system after the 30-day period is automatically removed from our systems.

 

If you would like to make a subject access request (SAR) then please send an e-mail to info@ongoworkdesk.com and we will be more than happy to assist (Please Note: for larger requests please allow up to 7 days for processing)

 

 

Our Servers/Infrastructure

 

OnGo Work Desk provides mobile solutions in a SaaS (Software as a Service) architecture and utilises Microsoft Azure for its cloud services. Microsoft Azure provides a security-hardened infrastructure used by some of the world's largest companies such as Samsung, GE Healthcare and Boeing, and provides rapid, managed, up-to-date patches for security vulnerabilities as they are discovered and provides continuous security-health monitoring on all areas of the infrastructure.

 

Resilience and redundancy is at the heart of cloud services and the Microsoft Azure platform provides for failover to one of many data centres around the world in the event of any problems and active data replication allows for rapid disaster recovery with minimal downtime and/or loss.

 

In addition to the robust security provided by Microsoft Azure cloud services, OnGo Work Desk has built within its core additional security layers to ensure the maximum protection for all of our client data. In the unlikely event of a security breach of the cloud services, our added layers ensure that no information accessed of a sensitive nature would be readable without the relevant authentication tokens.

 

For further reading, please see https://docs.microsoft.com/en-us/azure/security/.

 

 

Our Systems/Data

 

OnGo Work Desk utilises secure end-to-end encryption on all data during transit to and from mobile devices, our web-based control panel and via our API systems.

 

Data within the OnGo Work Desk system is held in a secure SQL database where all data is encrypted at rest using Transparent Data Encryption. And any all connections to the database are encrypted and direct access is severely restricted through firewall rules and authentication mechanisms requiring proof of identity and internal authorisation. Any and all activity within the OnGo system is logged and actively monitored for unusual activity.

 

Passwords and account data are additionally hash encrypted within the database with unique, account level salt ensuring that the data is unreadable (even to us) without the user's authentication token.

 

For further reading, please see

https://docs.microsoft.com/en-us/azure/sql-database/sql-database-security-overview
https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/transparent-data-encryption

 

 

ICO (Information Commissioner's Office)

 

We are registered with the UK ICO and you may review our register entry here.

 

GDPR & Data Protection

 

We have adopted a personal data and privacy protection policy, in line with the Data Protection Act 1998, and the changing regulations as part of GDPR, to establish and maintain an superior level of data privacy protection. This policy is applicable to all records collected on the site domain ongoworkdesk.com electronically that contain personal and sensitive data. Our data servers are secure and closely monitored for intrusions and additional security measures have been enacted to ensure any data held is kept safely and securely.

 

We will never make available or supply any personal, sensitive or otherwise compromising information to any third party unless legally requested to do so. All data held on servers licensed and operated by us remain our client's sole property and upon terminations of contract we will make all data held by us available in a secure, compressed format for up to 30 days, after which time any and all data will be removed from our systems.

 

To make a request for more information, or to enquire about our data and privacy protection policies, contact us at info@ongoworkdesk.com

Hillo Software Ltd.

48 Union Street
Hyde

SK14 1ND